Summary

The Complete Book of Data Anonymization: From Planning to Implementation supplies a 360-degree view of data privacy protection using data anonymization. It examines data anonymization from both a practitioner's and a program sponsor's perspective. Discussing analysis, planning, setup, and governance, it illustrates the entire process of adapting and implementing anonymization tools and programs.

Part I of the book begins by explaining what data anonymization is. It describes how to scope a data anonymization program as well as the challenges involved when planning for this initiative at an enterprisewide level.

Part II describes the different solution patterns and techniques available for data anonymization. It explains how to select a pattern and technique and provides a phased approach towards data anonymization for an application.

A cutting-edge guide to data anonymization implementation, this book delves far beyond data anonymization techniques to supply you with the wide-ranging perspective required to ensure comprehensive protection against misuse of data.

Table of Contents

Overview of Data AnonymizationPoints to PonderPIIPHIWhat is Data Anonymization?What are the Drivers for Data Anonymization? The Need To Protect Sensitive Data Handled As Part Of Business Increasing Instances of Insider Data Leakage, Misuse of Personal Data and the Lure of Money for Mischievous Insiders Employees Getting Even With Employers Negligence of Employees to Sensitivity of Personal Data Astronomical Cost to the Business due to Misuse of Personal DataRisks Arising out of Operational Factors Like Outsourcing and Partner Collaboration Outsourcing Of IT Application Development, Testing And Support Increasing Collaboration With Partners Legal and Compliance RequirementsWill Procuring and Implementing a Data Anonymization Tool by Itself Ensure Protection of Privacy of Sensitive Data? Ambiguity of Operational Aspects Allowing the Same Users to Access both Masked and Unmasked Environment Lack Of Buy-In From IT Application Developers, Testers and End-Users Compartmentalized Approach to Data Anonymization Absence of Data Privacy Protection Policies or Weak enforcement of Data Privacy PoliciesBenefits Of Data Anonymization Implementation

The Different Phases of a Data Anonymization ProgramPoints to PonderHow Should I Go about the Enterprise Data Anonymization Program? The Assessment Phase Tool Evaluation and Solution Definition Phase Data Anonymization Implementation Phase Operations Phase or the Steady-State phaseFood For Thought When Should the Organization Invest on a Data Anonymization Exercise? The Organization’s Security Policies Anyway Mandate Authorization to be Built-in For Every Application. Won’t This be Sufficient? Why is Data Anonymization Needed? Is there a Business Case for Data Anonymization Program in My Organization? When Can a Data Anonymization Program be Called as a Successful One? Why Should I go for a Data Anonymization Tool when SQL Encryption Scripts Can be Used to Anonymize Data? What are the Benefits Provided by Data Masking Tools for Data Anonymization? Why is a Tool Evaluation Phase Needed? Who Should Implement Data Anonymization? Should it be the Tool Vendor or the IT Service Partner or External Consultants or Internal Employees? How Many Rounds of Testing Must be Planned to Certify that Application Behavior is Unchanged with use of Anonymized Data?

Departments Involved in Enterprise Data Anonymization ProgramPoints to PonderThe Role of the Information Security and Risk DepartmentThe Role of the Legal DepartmentThe Role of Application Owners and Business AnalystsThe Role of AdministratorsThe Role of the Project Management Office (PMO)The Role of the Finance departmentSteering Committee

Data Flow Patterns Across EnvironmentsPoints to PonderFlow of Data from Production Environment Databases to Non-Production Environment DatabasesMovement of Anonymized Files from Production Environment to Non-Production EnvironmentsMasked Environment for Integration Testing-Case Study

Data Anonymization ImplementationPoints to PonderPre-Requisites Before Starting The Anonymization Implementation Activities Sensitivity Definition Readiness - What is Considered as Sensitive Data by the Organization? Sensitive Data Discovery- Where does Sensitive Data Exist?Application Architecture AnalysisApplication Sensitivity Analysis What is Sensitivity Level and How Do We Prioritize Sensitive Fields for Treatment?Anonymization Design PhaseAnonymization Implementation, Testing, and Rollout PhaseAnonymization OperationsIncorporation of Privacy protection procedures as part of Software Development Life Cycle and Application Lifecycle for New Applications Impact on SDLC TeamChallenges Faced as part of Any Data Anonymization ImplementationBest Practices To Ensure Success Of Anonymization Projects

Glossary

Author(s) Bio

Balaji Raghunathan has more than 20 years of experience in the software industry. As part of his current role as General Manager, Technology Consulting & Enterprise Architecture, at ITC Infotech, Balaji Raghunathan is responsible for helping the clients of ITC Infotech simplify their technology landscape, assess their readiness for digital initiatives, modernize their technology architecture and prepare them for their digital journey

Balaji Raghunathan has also lead the delivery of digital projects for banking, financial services, and insurance customers as well as helped them define their digital strategy. He has lead strategy engagements for enterprise mobility initiatives as well as developed, managed and commercialized intellectual property (IP) during his prior stints with Capgemini and Infosys. During the last decade, Balaji Raghunathan has been involved in architecting software solutions for the energy, utilities, publishing, transportation, retail, and banking industries

Balaji Raghunathan’s core areas of interest revolves around digital technology strategy, data privacy management and enterprise mobility. He is an avid blogger on Digital Technology Strategy, and has authored the book "The Complete Book of Data Anonymization-From Planning to Implementation". He has also the co-authored a chapter "Mobility and Its Impact on Enterprise Security" for the book "Information Security Management Handbook, Sixth Edition, Volume 7."

He holds a patent on "System and Method for Runtime Data Anonymization" and has a pending patent on "System and Method for categorization of Social Media Conversation for Response Management."

He is a TOGAF 8.0 and ICMG-WWISA Certified Software Architect.

Balaji Raghunathan has a postgraduate diploma in business administration (finance) from Symbiosis Institute (SCDL), Pune, India and has an engineering degree (electrical and electronics) from Bangalore University, India. He has also completed a Senior Leadership Certificate course from Indian Institute of Management, Kozhikode.

Reviews

With more and more regulations focusing on protection of data privacy and prevention of misuse of personal data, anonymization of sensitive data is becoming a critical need for corporate and governmental organizations. This book provides a comprehensive view of data anonymization both from a program sponsor’s perspective as well as a practitioner’s. The special focus on implementation of data anonymization across the enterprise makes this a valuable reference book for large data anonymization implementation programs.—Prasad Joshi, Vice President, Infosys Labs, Infosys Ltd.

This book on data anonymization could not have come at a better time, given the rapid adoption of outsourcing within enterprises and an ever increasing growth of business data. This book is a must read for enterprise data architects and data managers grappling with the problem of balancing the needs of application outsourcing with the requirements for strong data privacy.—Dr. Pramod Varma, Chief Architect, Unique Identification Authority of India

What does "CPD Certified" mean?

CPD consists of any educational activity which helps to maintain and develop knowledge, problem-solving, and technical skills with the aim to provide better health care through higher standards. It could be through conference attendance, group discussion or directed reading to name just a few examples.

Use certain CRC Press medical books to get your CPD points up for revalidation. We provide a free online form to document your learning and a certificate for your records.